﻿using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.Util;
namespace WebPortal
{
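    /// <summary>
    /// Request validator that rejects request values containing SQL-related keywords
    /// (a deny-list filter intended as a guard against SQL injection).
    /// </summary>
    /// <remarks>
    /// <para>
    /// A keyword deny-list is defence in depth at best. The effective control against SQL
    /// injection is parameterized queries (or an ORM) in the data-access layer; this filter
    /// must not be treated as a substitute for that.
    /// </para>
    /// <para>
    /// Matching is plain substring search, so legitimate input is rejected too, for example
    /// any value containing an apostrophe or the letters "from", "update" or "exec".
    /// </para>
    /// <para>
    /// NOTE(review): this override does not call <c>base.IsValidRequestString</c>, so only the
    /// checks in this class are applied to a request value. Confirm that not running the
    /// framework's default request validation is intended.
    /// </para>
    /// </remarks>
    public class CustomRequestValidation : RequestValidator
    {
        /// <summary>
        /// Substrings that cause a request value to be rejected. Compared case-insensitively.
        /// </summary>
        private static readonly string[] BlockedTokens =
        {
            "'",
            "select",
            "insert",
            "delete",
            "from",
            "count(",
            "drop table",
            "update",
            "truncate",
            "asc(",
            "mid(",
            "char(",
            "xp_cmdshell",
            "exec",
            "netlocalgroup administrators",
            "net user",
        };

        public CustomRequestValidation() { }

        /// <summary>
        /// Checks a single request value against the blocked-token list.
        /// </summary>
        /// <param name="context">Current HTTP context (not used by this check).</param>
        /// <param name="value">The request value to inspect; null or empty is accepted.</param>
        /// <param name="requestValidationSource">Which part of the request the value came from (not used by this check).</param>
        /// <param name="collectionKey">Key of the value in its request collection (not used by this check).</param>
        /// <param name="validationFailureIndex">
        /// On failure, the zero-based offset in <paramref name="value"/> of the first blocked
        /// token found (in list order); 0 when the value is accepted.
        /// </param>
        /// <returns><c>true</c> if no blocked token occurs in the value; otherwise <c>false</c>.</returns>
        protected override bool IsValidRequestString(HttpContext context, string value, RequestValidationSource requestValidationSource, string collectionKey, out int validationFailureIndex)
        {
            validationFailureIndex = 0;

            // Nothing to scan; also avoids a NullReferenceException on a null value.
            if (string.IsNullOrEmpty(value))
            {
                return true;
            }

            foreach (string token in BlockedTokens)
            {
                // Ordinal, case-insensitive search: the result must not depend on the server's
                // current culture (culture-sensitive lowercasing can change how letters such as
                // 'I' are folded, which would let a keyword slip past the comparison).
                int idx = value.IndexOf(token, StringComparison.OrdinalIgnoreCase);
                if (idx > -1)
                {
                    // Report the offset of the token that actually matched. The previous code
                    // kept overwriting the index, so it reflected only the last token checked.
                    validationFailureIndex = idx;
                    return false;
                }
            }

            return true;
        }
    }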
}